A British man, a Florida man, and a Florida teen who hacked the Twitter accounts of prominent politicians, celebrities, and technology moguls to scam people around the globe out of more than $100,000 in Bitcoin, have been charged.
Seventeen-year-old Graham Ivan Clark was arrested Friday in Tampa, where the Hillsborough State Attorney’s Office will prosecute him as adult. He faces 30 felony charges, according to a news release. 19-year-old Mason Sheppard, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando, were charged in California federal court.
In one of the most high-profile security breaches in recent years, hackers sent out bogus tweets on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” U.S. Attorney David L. Anderson for the Northern District of California said in a news release.
“Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived.”
Although the case against the teen was also investigated by the FBI and the U.S. Department of Justice, Hillsborough State Attorney Andrew Warren explained that his office is prosecuting Clark in Florida state court because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate.
“This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,” Warren said.
Twitter previously said hackers used the phone to fool the social media company’s employees into giving them access. It said hackers targeted “a small number of employees through a phone spear-phishing attack.”
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems, the company tweeted.